<?php

namespace App\Middlewares;

use App\Exceptions\CrossDomainException;
use Base\BaseController;
use Base\MiddlewareInterface;

class CrossDomainMiddleware implements MiddlewareInterface
{
    public static function handle(BaseController &$controller)
    {
        $origin = $controller->request()->getHeaderLine('origin') ?? '*';
        $allowOrigin = explode(',', config('env.CROSS_DOMAIN'));
        if (!in_array($origin, $allowOrigin) && !in_array('*', $allowOrigin)) {
            throw new CrossDomainException();
        }
    }
}
